Fedora Linux 8811 Published by

A libldb security update has been released for Fedora 34.



SECURITY: Fedora 34 Update: libldb-2.3.2-1.fc34


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-1d77047c61
2021-12-01 01:12:49.872644
--------------------------------------------------------------------------------

Name : libldb
Product : Fedora 34
Version : 2.3.2
Release : 1.fc34
URL :   http://ldb.samba.org/
Summary : A schema-less, ldap like, API and database
Description :
An extensible library that implements an LDAP like API to access remote LDAP
servers, or use local tdb databases.

--------------------------------------------------------------------------------
Update Information:

Update to latest samba and libldb release (addressing various CVEs) and rebuild
freeipa
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 4 2021 Guenther Deschner - 2.3.2-1
- libldb-2.3.2 is available
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2019660 - CVE-2016-2124 samba: SMB1 client connections can be downgraded to plaintext authentication
  https://bugzilla.redhat.com/show_bug.cgi?id=2019660
[ 2 ] Bug #2019666 - CVE-2021-23192 samba: Subsequent DCE/RPC fragment injection vulnerability
  https://bugzilla.redhat.com/show_bug.cgi?id=2019666
[ 3 ] Bug #2019672 - CVE-2020-25717 samba: A user in an AD Domain could become root on domain members
  https://bugzilla.redhat.com/show_bug.cgi?id=2019672
[ 4 ] Bug #2019726 - CVE-2020-25718 samba: Samba AD DC did not correctly sandbox Kerberos tickets issues by an RODC
  https://bugzilla.redhat.com/show_bug.cgi?id=2019726
[ 5 ] Bug #2019732 - CVE-2020-25719 samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
  https://bugzilla.redhat.com/show_bug.cgi?id=2019732
[ 6 ] Bug #2019764 - CVE-2020-25722 samba: Samba AD DC did not do sufficient access and conformance checking of data stored
  https://bugzilla.redhat.com/show_bug.cgi?id=2019764
[ 7 ] Bug #2021726 - CVE-2021-3738 samba: Use after free in Samba AD DC RPC server
  https://bugzilla.redhat.com/show_bug.cgi?id=2021726
[ 8 ] Bug #2021728 - CVE-2020-25721 samba: Kerberos acceptors need easy access to stableAD identifiers (eg objectSid)
  https://bugzilla.redhat.com/show_bug.cgi?id=2021728
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-1d77047c61' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________